Sonatype delivers Sonatype Insight, a new solution for governing the use of open-source software in enterprise systems development.
Sonatype has delivered Sonatype Insight, a new suite of software products and services to help ensure the integrity of open-source components in the software supply chain of enterprise systems.
Sonatype Insight provides visibility and control of open-source component use by development teams to enable user organizations to benefit from the economic and development efficiencies of open source without quality, security or licensing risks, the company said.
Sonatype Insight is nonintrusive and tightly interwoven with existing development processes, the company said. Sonatype said user organizations can gain actionable intelligence about open-source usage at any stage of the application-development process. After applications are released to production, Sonatype Insight continuously monitors their bill of materials and alerts users if new quality or security defects are uncovered.
"We have brought to market a truly unique product suite to meet an increasingly important function of application development and enterprise IT, software composition analysis, one that has direct consequences to the security, quality, business risk and compliance of an organization," Wayne Jackson, CEO of Sonatype, said in a statement. "As the pervasiveness of open source continues, the market opportunity for Insight is tremendous and should appeal to all Java software developers (6 million and counting) and any company in the world that has used open-source components at any point during the development of mission-critical applications."
Sonatype officials said Sonatype Insight leverages the Central Repository, the repository for open-source software (OSS) components used by more than 40,000 organizations and containing more than 300,000 Java components from open-source projects. Indeed, according to Sonatype, in addition to containing more than 300,000 Java components, the Central Repository is on pace to support 90 percent of all Java open-source projects by the end of 2011.
Moreover, as the principal caretaker of the Central Repository, Sonatype can provide more than manual checks and first-generation scans to discover the composition of applications. Sonatype Insight goes deeper to find flawed components, even when they're hidden deep in an application's dependency tree. As a pioneer in open-source development tools, Sonatype designed Insight to integrate with the development process to ensure only components that meet an organization's quality, security and licensing standards are used, from the design stage through to production, the company said.
Sonatype Insight is comprised of three integrated products:
Management Insight: Provides visibility, proactive monitoring and actionable intelligence about organizational OSS usage, including security, license and quality metadata for components.
Development Insight: Enables proactive management of OSS component usage throughout the software development process. Plug-ins for existing development tools deliver quality, security and licensing information where it's needed without disrupting the development process.
Application Insight: Analyzes and continuously monitors the composition of software applications, ensuring that they do not have hidden security, license or quality risks caused by incorporating problematic OSS components. The product notifies users immediately of newly discovered flaws in components, even after applications are in production.
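As an added illustration (not Sonatype's code, and not a description of how Insight is built), a small Python sketch of the checks the three products describe: flattening a transitive dependency tree into a bill of materials, evaluating each component against licence and security policy while keeping the path that pulled it in, and re-evaluating an unchanged bill of materials when a new advisory appears. The components, licences and advisory IDs are constructed sample data.

```python
# Added illustration of a bill-of-materials policy check; not Sonatype's code.
# Every component, licence and advisory ID below is constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Component:          # Maven coordinates, declared licence, direct dependencies
    coords: str
    license: str
    deps: list = field(default_factory=list)

ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}   # organisation policy

def bill_of_materials(root):
    """Flatten the transitive tree into {coords: (component, path_from_root)};
    the path shows where a deeply nested dependency is pulled in."""
    bom, stack = {}, [(root, (root.coords,))]
    while stack:
        comp, path = stack.pop()
        if comp.coords in bom:          # already recorded via another path
            continue
        bom[comp.coords] = (comp, path)
        for dep in comp.deps:
            stack.append((dep, path + (dep.coords,)))
    return bom

def evaluate(root, advisories):
    """One finding (coords, reason, path) per licence or security violation."""
    findings = []
    for coords, (comp, path) in bill_of_materials(root).items():
        if comp.license not in ALLOWED_LICENSES:
            findings.append((coords, "license:" + comp.license, path))
        for adv_id in advisories.get(coords, []):
            findings.append((coords, "advisory:" + adv_id, path))
    return sorted(findings)

def new_findings(root, known_advisories, new_advisory):
    """Post-release monitoring: the BOM is unchanged, a newly published advisory
    is folded in, and only findings that did not exist before are returned."""
    before = set(evaluate(root, known_advisories))
    updated = {c: list(ids) for c, ids in known_advisories.items()}
    coords, adv_id = new_advisory
    updated.setdefault(coords, []).append(adv_id)
    return sorted(set(evaluate(root, updated)) - before)

# Constructed application: a GPL library and a flawed parser sit deep in the tree.
PARSER = Component("org.example:deep-parser:1.0", "Apache-2.0")
MIDLIB = Component("org.example:mid-lib:2.3", "GPL-3.0", [PARSER])
APP = Component("com.acme:app:1.0", "Apache-2.0",
                [Component("org.example:util:4.1", "MIT", [MIDLIB])])
ADVISORIES = {"org.example:deep-parser:1.0": ["ADV-EXAMPLE-0001"]}
```

Each finding carries the full path from the application root, which is what lets a reviewer see that a flagged component arrived three levels down rather than as a direct dependency.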
"The launch of Insight is a defining moment for Sonatype in its corporate history and marks a turning point in our strategic direction," said Jason van Zyl, founder and CTO of Sonatype, in a statement. "Building on our deep roots in open-source development, we have built a product that integrates with the development process to provide helpful, proactive information rather than being a burden or afterthought to developers. Sonatype Insight delivers actionable information to the right people, in the right context, at the right time, without disrupting their development processes."
"Without a governance program and an accompanying management policy, the IT organization cannot hope to manage, audit or track open-source assets that come into or leave the enterprise, and it cannot measure the appropriate use of open-source assets within the broader IT portfolio," said Mark Driver, an analyst with the Gartner market research firm.
Moreover, according to Gartner, by 2016, OSS will be included in mission-critical software portfolios within 99 percent of Global 2,000 enterprises, up from 75 percent in 2010. Meanwhile, a January 2011 survey of 1,600 software developers, team leads and architects conducted by Sonatype found that 87 percent of component use is ungoverned.
Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.